Multiple flaws in ClipBucket

Multiple moderately critical flaws were found in ClipBucket 2.x. These vulnerabilities are still unpatched. The flaws allow data manipulation and cross-site scripting (XSS) attacks. Input passed via multiple parameters to different scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the context of a user's browser session.
Input passed via the "time" parameter to videos.php or channels.php is not properly sanitized in the "update_counter()" function before being used in SQL queries. This allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
The flaws were found in version 2.6-r738. Other versions may also be affected.
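
A defensive pattern for the two issues described above, as an added example that is not ClipBucket's code and not part of the advisory: the "time" value is checked against an allow-list and bound as a query parameter, and any request value echoed back is HTML-encoded. The table and column names, the accepted filter values and all function names are assumptions; the rows are constructed and live in an in-memory SQLite database accessed through PDO.

```php
<?php
// Added illustration, not ClipBucket source. Table/column names, the accepted
// "time" values and the function names are assumptions.

const ALLOWED_TIME = [          // assumed filter value => SQLite date modifier
    'all_time'   => null,
    'today'      => '-1 day',
    'this_week'  => '-7 days',
    'this_month' => '-1 month',
];

function normalize_time(?string $raw): string
{
    // Anything outside the allow-list collapses to a safe default.
    return ($raw !== null && array_key_exists($raw, ALLOWED_TIME)) ? $raw : 'all_time';
}

function count_videos(PDO $db, ?string $rawTime): int
{
    $modifier = ALLOWED_TIME[normalize_time($rawTime)];
    if ($modifier === null) {
        return (int) $db->query('SELECT COUNT(*) FROM video')->fetchColumn();
    }
    // The value reaches the database only as a bound parameter, never as SQL text.
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM video WHERE date_added >= datetime('now', :modifier)"
    );
    $stmt->execute([':modifier' => $modifier]);
    return (int) $stmt->fetchColumn();
}

function echo_safe(?string $raw): string
{
    // Output encoding for any request value that is returned to the user.
    return htmlspecialchars($raw ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE video (id INTEGER PRIMARY KEY, date_added TEXT)');
$db->exec("INSERT INTO video (date_added) VALUES (datetime('now')),
           (datetime('now', '-3 days')), (datetime('now', '-40 days'))");

// Constructed inputs: two valid filters and two values that must be neutralized.
foreach (['today', 'this_week', "x' OR '1'='1", '<b>bold</b>'] as $input) {
    printf("%-16s filter=%-9s count=%d echoed=%s\n",
        $input, normalize_time($input), count_videos($db, $input), echo_safe($input));
}
```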


Source: Secunia
10.01.2012